Member
Join Date: Nov 2001
Posts: 52
#1 (permalink)  
01-11-2008, 04:04 PM
How to flush/reset DNS proxy cache?

I have installed a couple of split-horizon DNS servers on my network. Among caching standard internet address lookups, they also provide name service (fwd & rev) for an internal 10. network.

I have these two DNS servers listed as forwarding name servers (positions 1 & 2) in the DNS proxy setup page on my ASL v6 box.

If I point a dns lookup of an internal 10. host to the ASL dns proxy the ASL dns proxy is unable to provide a successful lookup response. It should, shouldn't it?

The dns servers existed in the ASL dns proxy list prior to my adding the internal network address tables and enabling resolution of the 10. network. Is it possible that the ASL's cache still thinks there is no address information for a 10. network because there wasn't yesterday?

If so, how do I flush the dns cache tables? Can it be done without a reboot? Is there a method to login to the command line environment via ssh and enter a command that will flush or expire the currently cached DNS information and make it start fresh lookups, where it will hopefully complete successful lookups of the 10. information?

Thanks
Moderator
Join Date: Jul 2001
Location: southern California
Posts: 12,052
#2 (permalink)  
01-11-2008, 08:38 PM

In the web admin interface, disabling and re-enabling the DNS proxy normally does the trick.

Barry
__________________
http://BlogSec.net
http://JobOyster.com
http://DealBert.net
IT Consultant specializing in high-performance Web Infrastructure and Security.
Astaro End-user since v1.x
  • ASL 9.2x, HP DL360G5 - FW, IPS, VPNs
  • ASL 9.2x, 2 Dell 1950's as WAF/proxy w HA
  • UTM 9.1x, Atom n270, 2GB RAM, 2 Intel GigE
    Netgear GS108T gigE switch & Astaro AP30 Access Point with 4 VLANs.
    60/60mbit FiOS internet.
  • Pending - UTM 9.2x, i5-4670, 4GB RAM, 2 Intel GigE
    Needs new NIC drivers before deploying
Simon Shaw's Avatar
User since 2001.
Join Date: Jun 2001
Location: Perth, Western Australia
Posts: 2,999
#3 (permalink)  
01-17-2008, 04:27 AM

True.

A button to press to clear the DNS cache would be nice. (That also re-adds custom DNS entries too from the DNS config page.)
__________________
Simon Shaw. ACEv8
Systems Manager
Micromine PL
Microsoft Gold Partner.

Astaro licenses in locations:
Australia, Canada, China, Indonesia, Kazakhstan, Mongolia, Russia, South Africa and United Kingdom.
Krycek's Avatar
Senior Member
Join Date: Mar 2008
Location: Bonn, Germany
Posts: 382
#4 (permalink)  
03-03-2009, 12:04 PM

erm... may be a dumb question: where's the button to disable/enable the dns proxy? I don't see it...
Krycek's Avatar
Senior Member
Join Date: Mar 2008
Location: Bonn, Germany
Posts: 382
#5 (permalink)  
03-03-2009, 03:35 PM

well... for future reference (maybe just for myself... I know I'll be asking again in like 3 or 4 months)
It can be done using ssh:
Code:
/var/mdw/scripts/named restart
this did indeed delete/flush the dns cache on my astaro box.
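
One way to confirm the stale-cache suspicion from the first post, and to check after the restart that the proxy now agrees with its forwarders. This is an added example, not part of the thread; the function names, host names and addresses are assumptions, and the `dig` output is constructed sample data.

```shell
#!/bin/sh
# Added example (not from the thread). Live use, with hypothetical addresses:
#   proxy=$(dig @192.0.2.1 host1.corp.example A)    # the ASL DNS proxy
#   fwd=$(dig @192.0.2.53 host1.corp.example A)     # one of its forwarders
#   compare_answers "$proxy" "$fwd"

# Print NOERROR, NXDOMAIN, SERVFAIL, ... from dig's header line; a NOERROR
# response with zero answer records is reported as NODATA.
answer_kind() {
    status=$(printf '%s\n' "$1" | sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1)
    if [ "$status" = "NOERROR" ] && printf '%s\n' "$1" | grep -q 'ANSWER: 0,'; then
        status=NODATA
    fi
    echo "$status"
}

# Print the TTL of the first SOA record. In a negative answer served from
# cache this is the time left until the cached "no such name" expires.
negative_ttl_of() {
    printf '%s\n' "$1" | awk '$1 !~ /^;/ && $3 == "IN" && $4 == "SOA" { print $2; exit }'
}

# Compare the proxy's response ($1) with the forwarder's response ($2).
compare_answers() {
    p=$(answer_kind "$1"); f=$(answer_kind "$2")
    if [ "$p" = "$f" ]; then
        echo "consistent: both returned $p"
    elif [ "$f" = "NOERROR" ] && { [ "$p" = "NXDOMAIN" ] || [ "$p" = "NODATA" ]; }; then
        echo "stale negative cache on proxy, expires in $(negative_ttl_of "$1")s"
    else
        echo "mismatch: proxy=$p forwarder=$f"
    fi
}

# Constructed sample dig output (trimmed), not captured from a real system.
PROXY_SAMPLE=';; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4011
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; AUTHORITY SECTION:
corp.example. 2817 IN SOA ns1.corp.example. hostmaster.corp.example. 2008011101 7200 900 1209600 3600'
FWD_SAMPLE=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5120
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; ANSWER SECTION:
host1.corp.example. 3600 IN A 10.1.2.3'

compare_answers "$PROXY_SAMPLE" "$FWD_SAMPLE"
```

Running the same comparison again after the flush should report a consistent result if the cache was the cause.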
AngeloC's Avatar
Ninja at Large
Join Date: May 2003
Posts: 8,810
#6 (permalink)  
03-03-2009, 04:23 PM

Just a heads up, we plan to add a "flush dns cache" button/option in 7.500 for the next months... we're listening!
__________________
-Angelo
Moderator
Join Date: Jul 2001
Location: southern California
Posts: 12,052
#7 (permalink)  
03-03-2009, 07:08 PM

Quote:
Originally Posted by Krycek
erm... may be a dumb question: where's the button to disable/enable the dns proxy? I don't see it...
Oops... I guess it's not there anymore.
Making a change to the 'allowed networks' under Network-DNS might have the same effect.

Barry
Member
Join Date: Jul 2006
Posts: 95
#8 (permalink)  
03-26-2009, 01:22 AM

Awesome, this fixed me up

Quote:
Originally Posted by Krycek
well... for future reference (maybe just for myself... I know I'll be asking again in like 3 or 4 months)
It can be done using ssh:
Code:
/var/mdw/scripts/named restart
this did indeed delete/flush the dns cache on my astaro box.
All times are GMT.

These pages are specifically maintained for the discussion of firewall issues within the Open Source community, and might already reflect new alpha/beta releases under development. Please refer to our product specifications for the functionality of the actual release. Discussions of new/enhanced functionality does not constitute a commitment of Astaro, to integrate this functionality into future releases.